Пример #1
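 /**
  * Create a user record from registration data and, on success, bind the new
  * user to the current session.
  *
  * Reads 'username', 'password', 'mobile', 'email' and 'card_id' from $data.
  *
  * @param array $data registration fields
  * @return bool the result of User::save()
  */
 private function insert_user($data)
 {
     $security = Yii::$app->security;
     $user = new User();
     // Salt for the legacy digest below, taken from the framework's random source
     // instead of uniqid(rand()), whose tail is derived from the clock.
     $salt = $security->generateRandomString(6);
     $time = time();
     // NOTE(review): if getRealIp() honours client-supplied forwarding headers, the
     // stored addresses are requester-chosen; treat them as advisory, not as evidence.
     $ip = getRealIp();
     // NOTE(review): salted double MD5 is a fast digest and sits next to the slow hash
     // from generatePasswordHash(). It is kept because other code may still read
     // `password`; retire the column once every login path verifies `password_hash`.
     $password = md5(md5($data['password']) . $salt);
     $authkey = $security->generateRandomString();
     // NOTE(review): a reset token is minted at registration, before any reset was
     // requested — confirm it is expired or cleared rather than left usable.
     $password_reset_token = $security->generateRandomString() . '_' . time();
     $password_hash = $security->generatePasswordHash($data['password']);
     $user->username = $data['username'];
     $user->password = $password;
     $user->auth_key = $authkey;
     $user->password_hash = $password_hash;
     $user->password_reset_token = $password_reset_token;
     $user->mobile = $data['mobile'];
     $user->email = $data['email'];
     $user->card_id = $data['card_id'];
     $user->reg_date = $time;
     $user->reg_ip = $ip;
     $user->last_login_date = $time;
     $user->last_login_ip = $ip;
     $user->salt = $salt;
     $result = $user->save();
     if ($result) {
         $session = Yii::$app->session;
         if (!$session->isActive) {
             $session->open();
         }
         // Issue a fresh session id before an identity is attached to the session.
         $session->regenerateID(true);
         // $result is only the success flag of save(), so the record's key is stored instead.
         // presumably User is an ActiveRecord, which provides getPrimaryKey() — confirm.
         $session['user'] = ['id' => $user->getPrimaryKey(), 'username' => $user->username];
     }
     return $result;
 }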
Пример #2
 /**
  * Finish a login: bump the login counter, rotate the stored IP addresses,
  * regenerate the session and store a simplified copy of the user in it.
  *
  * @param object $user user model object; anything that is not a User is rejected
  * @return bool FALSE when $user is not a User instance, TRUE otherwise
  */
 protected function completeLogin($user = NULL)
 {
     $isUserModel = is_object($user) && $user instanceof User;
     if (!$isUserModel) {
         return FALSE;
     }
     $user->Logins = $user->Logins + 1;
     // Keep the previous address before it is overwritten with the current one.
     $user->LastIP = $user->IP;
     $user->IP = getRealIp();
     // The result of save() is not inspected; a failed write does not stop the login.
     $user->save();
     // The session is regenerated before any user data is written into it.
     $this->session->regenerate();
     $sessionUser = new User_Simple();
     $sessionUser->setUser($user->getArrayCopy());
     $sessionKey = $this->config['session_key'];
     $this->session->set($sessionKey, $sessionUser);
     return TRUE;
 }
Пример #3
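/**
 * Record a suspected form-abuse event in hacklog.log, falling back to e-mail
 * when the log file cannot be opened.
 *
 * @param string $where label for the place where the event was detected
 */
function writeLog($where)
{
    // Every value written below can be influenced by the requester (the host name, for
    // one, comes from a reverse-DNS record), so control characters are collapsed to
    // keep a single event from forging additional log lines.
    $ip = preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) getRealIp());
    $where = preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $where);
    // gethostbyaddr() warns and returns false on a malformed address, so only a
    // syntactically valid address is resolved.
    $resolved = filter_var($ip, FILTER_VALIDATE_IP) !== false ? gethostbyaddr($ip) : false;
    $host = $resolved === false ? 'unknown' : preg_replace('/[\x00-\x1F\x7F]+/', ' ', $resolved);
    $date = date("d M Y");
    // create a logging message with php heredoc syntax
    $logging = <<<LOG
    \t\t

    \t\t<< Start of Message >>
    \t\tThere was a hacking attempt on your form. 
 
    \t\tDate of Attack: {$date}
    \t\tIP-Adress: {$ip} 

    \t\tHost of Attacker: {$host}
    \t\tPoint of Attack: {$where}
    \t\t<< End of Message >>
LOG;
    // NOTE(review): 'hacklog.log' is relative to the working directory; if that directory
    // is served by the web server the log is downloadable — confirm it is not.
    if ($handle = fopen('hacklog.log', 'a')) {
        fputs($handle, $logging);
        fclose($handle);
    } else {
        // The file could not be opened (for example wrong permissions): e-mail the data instead.
        $to = '*****@*****.**';
        $subject = 'HACK ATTEMPT';
        $header = 'From: primerproyecto@gmail.com';
        if (mail($to, $subject, $logging, $header)) {
            // NOTE(review): this is printed into the response, so the requester learns
            // that an alert was raised — confirm that is intended.
            echo "Sent notice to admin.";
        }
    }
}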
Пример #4
         if (!$database->has("saves", array("AND" => array("user_id" => $user_id, "module_type" => "author", "module_id" => $poet_id)))) {
             $ins_id = $database->insert("saves", array("user_id" => $user_id, "module_type" => "author", "module_id" => $poet_id, "ip" => getRealIp()));
             if ($ins_id) {
                 echo 1;
             } else {
                 echo 0;
             }
         }
     }
 }
 //--save favourites poet--//
 if ($action == "add_fav_user") {
     // The acting user comes from the session; $user_id is the profile being saved.
     // NOTE(review): nothing in this branch checks that $my_id is set or that the request
     // carries an anti-CSRF token — confirm both are enforced before this dispatch.
     $my_id = $_SESSION['user_id'];
     // Insert only when a target was supplied and this pair is not stored yet.
     if ($user_id && !$database->has("saves", array("AND" => array("user_id" => $my_id, "module_type" => "users", "module_id" => $user_id)))) {
         $ins_id = $database->insert("saves", array("user_id" => $my_id, "module_type" => "users", "module_id" => $user_id, "ip" => getRealIp()));
         // Respond with 1 when the insert succeeded, 0 otherwise.
         echo $ins_id ? 1 : 0;
     }
 }
 //--poem post to facebook--//
 if ($action == 'post_to_facebook') {
     $fbid = $_SESSION['fbid'];
     if ($fbid) {
         $poem_for_post = $database->get("poems", "*", array("id" => $poem_id));
         $_share = array('message' => clean($poem_for_post['poem_title']), 'link' => clean(get_url($database, "poem", $poem_id, $poem_for_post['poem_slug'])), 'name' => clean(site_name), 'description' => clean(strip_tags($poem_for_post['poem'])));
         $access_token = $facebook->getAccessToken();
Пример #5
// Bootstrap Smarty for the current gateway template and refuse requests that isProxy() flags.
require $rootdir . 'smarty/libs/Smarty.class.php';
$smarty = new Smarty();
$smarty->compile_check = true;
$smarty->debugging = false;
// The template name is read from session state and concatenated into filesystem paths below.
// NOTE(review): nothing here restricts it to a plain directory name — confirm it is validated
// where it is written into the session.
$curtemplate = $_SESSION["gw_template"];
if (!$curtemplate) {
    $curtemplate = "default";
}
// NOTE(review): $curtemplate_overwrite is not assigned in this excerpt; confirm it can only be
// set by server-side code, since it also becomes part of a path.
if ($curtemplate_overwrite) {
    // The override is accepted only when its cp_header.tpl exists.
    if (file_exists($etel_root_path . "/tmpl/" . $curtemplate_overwrite . "/cp_header.tpl")) {
        $curtemplate = $curtemplate_overwrite;
    } else {
        // NOTE(review): the message contains the full server-side path; confirm etelPrint()
        // does not show it to visitors.
        etelPrint($etel_root_path . "/tmpl/" . $curtemplate_overwrite . "/cp_header.tpl Not Found");
    }
}
// Template, compile and config directories all derive from the chosen template name.
$smarty->template_dir = $etel_root_path . "/tmpl/" . $curtemplate . "/";
$smarty->compile_dir = $etel_root_path . "/tmpl/" . $curtemplate . "_c/";
$smarty->config_dir = $etel_root_path . "/tmpl/" . $curtemplate . "/config/";
$tmpl_dir = $etel_domain_path . "/tmpl/" . $curtemplate . "/";
$smarty->assign("rootdir", $etel_domain_path);
$smarty->assign("tempdir", $tmpl_dir);
$smarty->assign("display_stat_wait", $display_stat_wait);
// Session values are handed to the templates unescaped; any HTML escaping has to happen there.
$smarty->assign("gw_phone_support", $_SESSION["gw_phone_support"]);
$smarty->assign("gateway_title", ':: ' . $_SESSION["gw_title"] . ' Payment Gateway :: ');
$smarty->assign("page_title", $pageConfig['Title']);
if (!$pageConfig['HideHeader']) {
    require_once $rootdir . 'includes/links.php';
}
// Stop when isProxy() reports a proxy. The first dieLog() argument carries the address from
// getRealIp(); the second reads like the visitor-facing text — TODO confirm against dieLog().
if (isProxy()) {
    dieLog("Proxy Server - " . getRealIp(), "Proxy Server Detected. Please do not use a Proxy Server when accessing your Merchant Login.");
}
Пример #6
    // get the users display name
    $_SESSION['email'] = $results[4];
    // users email address
    $_SESSION['group'] = $results[5];
    // what ecg-group is the user in
    $_SESSION['auth'] = true;
    // authorise user to access logged in areas
    $_SESSION['wrong'] = 0;
    // reset wrong counter
    $_SESSION['hack'] = 0;
    // reset hack atempt count
    setcookie("game", $game_input, time() + 60 * 60 * 24 * 31, $path);
    // set the game cookie equal to the game choosen in the login form
    $_SESSION['finger'] = $ses->getFinger();
    // find the hash of user agent plus salt
    $ip = getRealIp();
    // get users current IP
    $result = $dbl->newUserInfo($ip, $results[0]);
    // update user to have new time and IP
    sendHome();
    // return to home page
    exit;
    // We are done with this page so we can end here
} elseif ($_POST['lostpw']) {
    // if this is a lost password first step submit
    $page = 'lostpw';
    if (verifyFormTokenLogin('lostpw', $tokens) == false) {
        // verify token
        ifTokenBad('Lost Password');
    }
    // if bad log and send error
Пример #7
        if ($ip) {
            array_unshift($ips, $ip);
            $ip = FALSE;
        }
        foreach ($ips as $v) {
            if (checkIP($v)) {
                $ip = $v;
                break;
            }
        }
    }
    if ($ip == false && $_SERVER['REMOTE_ADDR'] == '127.0.0.1') {
        echo 'unknown';
    }
    return $ip ? $ip : $_SERVER['REMOTE_ADDR'];
}
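/**
 * Tell whether $ip is a public, routable address.
 *
 * Used to screen candidate addresses before one of them is accepted as the
 * client address, so anything doubtful is rejected.
 *
 * @param string $ip candidate address; surrounding whitespace is ignored
 * @return bool false for malformed input and for private, loopback or reserved ranges
 */
function checkIP($ip)
{
    if (!is_string($ip)) {
        return false;
    }
    $candidate = trim($ip);
    // The whole loopback block is refused, not only 127.0.0.1.
    if (strpos($candidate, '127.') === 0) {
        return false;
    }
    // filter_var() covers 10/8, 172.16/12 and 192.168/16 (plus reserved ranges) in one
    // place, and also refuses strings that are not addresses at all. A hand-written
    // prefix test for 172.16-31 depends on parsing the second octet correctly.
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    return filter_var($candidate, FILTER_VALIDATE_IP, $flags) !== false;
}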
// Smoke test at file level: prints the resolved address whenever this file runs.
// NOTE(review): remove before the file is included from a page, or the address is
// written into every response.
echo getRealIp();
//echo checkIP('11.169.1.1');
Пример #8
<?php

// Click tracker: collect affiliate/merchant references and request metadata, then
// hand the record to etel_record_click().
chdir('..');
require_once "includes/function.php";
$etel_debug_mode = 0;
// NOTE(review): this switches an HTTPS setting off for this script; what the flag controls
// is defined elsewhere — confirm it is intended here.
$etel_disable_https = 1;
// Both references are reduced to ASCII letters and digits before use.
$cAffiliateRef = preg_replace("/[^0-9A-Za-z]/", '', $_GET['Af_Ref']);
$Merchant_Ref = preg_replace("/[^0-9A-Za-z]/", '', $_GET['Mr_Ref']);
require_once "includes/dbconnection.php";
$data = array();
// The cookie value is copied as received, without the filter applied to the two references.
// NOTE(review): confirm etel_record_click() escapes it before it reaches SQL or HTML.
$data['Clicker_Ref'] = $_COOKIE['cClickerRef'];
$data['Affiliate_Ref'] = $cAffiliateRef;
$data['Merchant_Ref'] = $Merchant_Ref;
// A reverse-DNS lookup is made on every click; the result comes from a record controlled by
// whoever owns the address, so it is untrusted text as well.
$data['host_name'] = gethostbyaddr(getRealIp());
$data['ip_address'] = getRealIp();
$data['tc_time'] = time();
// The Referer header is client-supplied and stored as-is.
$data['this_url'] = $_SERVER['HTTP_REFERER'];
//$_SERVER['REQUEST_URI'];
// $_GET values are already URL-decoded by PHP, so this decodes a second time.
$data['refer_url'] = rawurldecode($_GET['URL_Ref']);
// No affiliate in the query string: try the Af_Ref parameter inside the referring URL,
// filtered the same way.
if (!$data['Affiliate_Ref']) {
    $url_info = parse_url($data['this_url']);
    parse_str($url_info['query'], $vars);
    if ($vars['Af_Ref']) {
        $data['Affiliate_Ref'] = preg_replace("/[^0-9A-Za-z]/", '', $vars['Af_Ref']);
    }
}
etel_record_click($data);
// NOTE(review): Clicker_Ref was copied from the same cookie above, so this branch only runs
// if etel_record_click() changes $data (it would need a by-reference parameter) — confirm.
if (!$_COOKIE['cClickerRef'] && $data['Clicker_Ref']) {
    etel_set_cookie("cClickerRef", $data['Clicker_Ref'], time() + 60 * 60 * 24 * 30, '/');
}
if ($data['Affiliate_Ref']) {
Пример #9
<?php

include "includes/sessioncheck.php";
require_once "includes/dbconnection.php";
include "includes/header.php";
require_once 'includes/function.php';
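// Record the merchant's contract agreement and upload status. Request and session values
// end up inside SQL text, so each one is escaped for the connection first.
$agree_contract = isset($HTTP_GET_VARS['agree_contract']) ? Trim($HTTP_GET_VARS['agree_contract']) : "0";
// Explicit defaults: without them the two fields are undefined when the contract was not
// agreed in this request, and would be open to injection where request variables are
// registered as globals.
$cd_contract_ip = "";
$cd_contract_date = "";
if ($agree_contract) {
    $cd_contract_ip = getRealIp();
    $cd_contract_date = time();
}
$sessionlogin = isset($HTTP_SESSION_VARS["sessionlogin"]) ? $HTTP_SESSION_VARS["sessionlogin"] : "";
$completedUploadingDoc = isset($HTTP_GET_VARS['completed']) ? Trim($HTTP_GET_VARS['completed']) : "";
// Escaped copies are used only for building SQL; the raw variables stay untouched for any
// later code that reads them.
$sql_agree_contract = mysql_real_escape_string((string) $agree_contract, $cnn_cs);
$sql_contract_ip = mysql_real_escape_string((string) $cd_contract_ip, $cnn_cs);
$sql_contract_date = mysql_real_escape_string((string) $cd_contract_date, $cnn_cs);
$sql_sessionlogin = mysql_real_escape_string((string) $sessionlogin, $cnn_cs);
// NOTE(review): this UPDATE runs on every request, including those where agree_contract
// is "0" — confirm that resetting the stored agreement is intended.
$str_qry = "update cs_companydetails set merchant_contract_agree = '{$sql_agree_contract}',cd_contract_ip='{$sql_contract_ip}',cd_contract_date='{$sql_contract_date}' where userId = '{$sql_sessionlogin}'";
if (!mysql_query($str_qry, $cnn_cs)) {
    // NOTE(review): the driver error text is passed to dieLog(); confirm it is logged and not
    // shown to the visitor.
    dieLog(mysql_errno() . ": " . mysql_error() . "<BR>");
}
$str_completed_uploading = isset($HTTP_GET_VARS['completedUploading']) ? Trim($HTTP_GET_VARS['completedUploading']) : "";
if ($completedUploadingDoc != "") {
    $sql_completed_uploading = mysql_real_escape_string((string) $str_completed_uploading, $cnn_cs);
    // The user id is quoted as well as escaped, so an empty or non-numeric value cannot
    // change the shape of the statement.
    $str_qry = "update cs_companydetails set completed_uploading = '{$sql_completed_uploading}' where userId = '{$sql_sessionlogin}'";
    if (!mysql_query($str_qry, $cnn_cs)) {
        dieLog(mysql_errno() . ": " . mysql_error() . "<BR>");
    }
}
$str_qry = "select completed_uploading from cs_companydetails where userId = '{$sql_sessionlogin}'";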
if (!($sql_select_val = mysql_query($str_qry, $cnn_cs))) {
    dieLog(mysql_errno() . ": " . mysql_error() . "<BR>");
} else {
    $confirm = "";
    if (mysql_result($sql_select_val, 0, 0) == "Y") {
        $confirm = "checked";
Пример #10
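/**
 * Authenticate an entity for the given gateway, populate the session and, by default,
 * redirect to the landing page for the entity type.
 *
 * On a successful match the function usually ends the request with a Location header and
 * exit. It returns normally only for an admin login with $redirect set to "None" and for
 * entity types not handled by the switch.
 *
 * @param string      $username      login name (lower-cased before use)
 * @param string      $password      password (lower-cased before use)
 * @param mixed       $usertype      not used by this function
 * @param mixed       $gatewayid     id of the gateway row to load
 * @param bool        $reset_session clear existing session variables first
 * @param bool|string $redirect      true for the default landing page, or a path under $etel_domain_path
 * @return array|null array('status' => false, 'msg' => ...) when no entity matches
 */
function general_login($username, $password, $usertype, $gatewayid, $reset_session = true, $redirect = true)
{
    global $cnn_cs;
    global $etel_domain_path;
    global $etel_debug_mode;
    global $database;
    // The gateway id is caller-supplied; escape it for this connection before it enters SQL.
    $gw_id_sql = mysql_real_escape_string((string) $gatewayid, $cnn_cs);
    $sql = "SELECT * FROM {$database['database_main']}.`etel_gateways` where `gw_id`= '{$gw_id_sql}'";
    // dieLog() is used as for the other queries in this function; a bare die() would print
    // the driver error and the SQL text straight into the response.
    $result = sql_query_read($sql, $cnn_cs) or dieLog(mysql_error() . " {$sql}");
    $gw = mysql_fetch_assoc($result);
    // NOTE(review): lower-casing the password shrinks the space of distinct passwords; it
    // cannot be removed here without re-checking how stored passwords were written.
    $username = strtolower($username);
    $password = strtolower($password);
    if ($reset_session) {
        session_unset();
    }
    if (!$_SESSION["gw_switch"]) {
        $_SESSION["gw_switch"] = $gatewayid;
    }
    // NOTE(review): gateway data and the submitted credentials are written to the session
    // before the credentials have been verified.
    $_SESSION["gw_database"] = $gw['gw_database'];
    $_SESSION["gw_id"] = $gw['gw_id'];
    $_SESSION["gw_template"] = $gw['gw_template'];
    $_SESSION["gw_links"] = $gw['gw_links'];
    $_SESSION["gw_folder"] = $gw['gw_folder'];
    $_SESSION["gw_index"] = $gw['gw_index'];
    $_SESSION["gw_title"] = $gw['gw_title'];
    $_SESSION["gw_emails_sales"] = $gw['gw_emails_sales'];
    $_SESSION["gw_user_username"] = $username;
    // NOTE(review): the clear-text password is kept in session storage and an unsalted MD5 of
    // username+password is derived from it; other pages may read these keys, so they are
    // left in place — plan to replace them with a server-side login marker.
    $_SESSION["gw_user_password"] = $password;
    $_SESSION["gw_user_hash"] = md5($username . $password);
    // login_redir is request-controlled and is appended directly to the gateway domain.
    // Only a site-relative path (one leading slash, no control characters) is accepted, so
    // the Location header cannot be steered to another host; anything else is ignored and
    // the default landing page is used. presumably legitimate values start with "/" — confirm.
    $login_redir = '';
    if (!empty($_REQUEST['login_redir'])) {
        $decoded_redir = base64_decode($_REQUEST['login_redir']);
        if (is_string($decoded_redir) && preg_match('#^/(?![/\\\\])[^\x00-\x1F\x7F]*$#', $decoded_redir)) {
            $login_redir = $decoded_redir;
        }
    }
    $redir_add = strpos($login_redir, "?") ? "&nr=1" : "?nr=1";
    // Find Entity
    // NOTE(review): the credential values in this statement appear masked on this page;
    // whatever the live code interpolates here must be escaped or bound as parameters.
    $sql = "\r\n\tselect \r\n\t\ten.*\r\n\tfrom \r\n\t\tcs_entities as en \r\n\twhere \r\n\t\ten_username='******' \r\n\t\tand en_password='******' \r\n\t";
    // The address may originate from request headers, so it is escaped like any other input.
    $ip = mysql_real_escape_string((string) getRealIp(), $cnn_cs);
    $result = sql_query_read($sql) or dieLog(mysql_error());
    if ($userInfo = mysql_fetch_assoc($result)) {
        // Fresh session id once the credentials matched, so an id planted before login
        // does not become an authenticated one.
        if (!headers_sent()) {
            session_regenerate_id(true);
        }
        sql_query_write("update cs_entities set en_last_IP = '{$ip}', en_last_login = NOW() where en_ID = '" . $userInfo['en_ID'] . "'") or dieLog(mysql_error());
        toLog('login', $userInfo['en_type'], "Login: U:{$username}, IP:" . getRealIp(), $_SESSION["sessionlogin"]);
        if ($userInfo['en_gateway_ID'] && $userInfo['en_gateway_ID'] != $_SESSION["gw_id"]) {
            $_SESSION["gw_switch"] = $userInfo['en_gateway_ID'];
        }
        switch ($userInfo['en_type']) {
            case "merchant":
                $_SESSION["sessionlogin"] = $userInfo['en_type_ID'];
                $_SESSION["userType"] = "Merchant";
                if (is_string($redirect)) {
                    header("location:" . $etel_domain_path . $redirect);
                } elseif ($login_redir !== '') {
                    header("location:" . $_SESSION["gw_domain"] . $login_redir . $redir_add);
                } else {
                    // Both outcomes of the former completion check led to the same page.
                    header("location:" . $etel_domain_path . "/SmartProjection.php");
                }
                exit;
            case "reseller":
                $_SESSION["sessionReseller"] = $userInfo['en_type_ID'];
                $_SESSION["userType"] = "Reseller";
                if (is_string($redirect)) {
                    header("location:" . $etel_domain_path . $redirect);
                } elseif ($login_redir !== '') {
                    header("location:" . $_SESSION["gw_domain"] . $login_redir . $redir_add);
                } else {
                    header("location:" . $etel_domain_path . "/reseller/blank.php");
                }
                exit;
            case "admin":
                $_SESSION["userType"] = "Admin";
                $_SESSION["gw_user_username"] = $username;
                $_SESSION["gw_user_password"] = $password;
                $_SESSION["gw_user_hash"] = md5($username . $password);
                if ($redirect === true) {
                    if ($login_redir !== '') {
                        header("location:" . $_SESSION["gw_domain"] . $login_redir . $redir_add);
                    } elseif ($userInfo['li_level'] == 'singleview' || $userInfo['li_singleview_allow']) {
                        // Single-view admins land on the first page of their allow list.
                        $pages = explode("|", $userInfo['li_singleview_allow']);
                        header("location:" . $etel_domain_path . "/admin/" . $pages[0]);
                    } else {
                        header("location:" . $etel_domain_path . "/admin/blank.php");
                    }
                    exit;
                } else {
                    if ($redirect != "None") {
                        header("location:" . $etel_domain_path . $redirect);
                        exit;
                    }
                }
                break;
        }
    } else {
        toLog('login', 'misc', "Login Failed: U:{$username}, IP:" . getRealIp(), $_SESSION["sessionlogin"]);
        return array('status' => false, 'msg' => "Invalid Username/Password.");
    }
}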
Пример #11
// Build an .htpasswd body from active recurring transactions and return it to the
// requester, unless the stored checksum shows that nothing changed.
$trans_table = "`cs_transactiondetails`";
if ($testmode) {
    $trans_table = "`cs_test_transactiondetails`";
}
// NOTE(review): $affiliation is assembled outside this excerpt and interpolated as raw SQL;
// confirm every value inside it is escaped.
$sql = "SELECT * FROM {$trans_table} WHERE {$affiliation} AND `td_recur_processed` = 0 and status='A' AND `td_recur_next_date`>=CURDATE()";
$result = mysql_query($sql, $cnn_cs) or dieLog("ERR");
$num = mysql_num_rows($result);
//if($num<1) die("UNF");
$htpasswd = "";
$numPass = 0;
while ($accountInfo = mysql_fetch_assoc($result)) {
    // Adding user
    // td_password is read back from the table and used as the input to crypt(), so it is
    // presumably stored in a recoverable form — confirm. $tohash is not initialised in
    // this excerpt.
    $tohash .= $accountInfo['td_username'] . ":" . $accountInfo['td_password'];
    $username = $accountInfo['td_username'];
    // crypt() is called without a salt argument, so the hash scheme is whatever the
    // platform picks by default; PHP 8 requires the argument.
    $password = crypt($accountInfo['td_password']);
    $htpasswd .= $username . ":" . $password . "\n";
    $numPass++;
}
// MD5 over all username:password pairs, used only to detect that the list changed.
$hash = md5($tohash);
// Loose == on two hex digests compares them numerically when both look like numbers
// (for example "0e..." values); === avoids that.
if ($hash == $siteInfo['cs_user_checksum'] && !$forceupdate) {
    die("CUR");
}
$testmode_msg = "Live Mode";
if ($testmode) {
    $testmode_msg = "Test Mode";
}
//$showsql = $sql;
// $showsql is not assigned in this excerpt (the assignment above is commented out), so the
// SQL= field of the log entry is empty here.
toLog('login', 'merchant', $siteInfo['cs_URL'] . " Requests .htpasswd Update in {$testmode_msg}: ({$numPass}) SQL={$showsql} AllowAny={$allow_any_site} IP=" . getRealIp(), $cs_company_id);
// NOTE(review): the session gateway id is concatenated unquoted and $mt_reference_id is
// interpolated; confirm both are numeric or escaped before this point.
$result = mysql_query("UPDATE `cs_company_sites` set `cs_user_checksum`= '{$hash}' WHERE `cs_gatewayId` = " . $_SESSION["gw_id"] . " AND `cs_reference_id` = '{$mt_reference_id}'", $cnn_cs) or dieLog("ERR");
//$ht->addLogin();
// The response body is the complete list of username:hash lines.
// NOTE(review): confirm the caller is authenticated before this point is reached.
die($htpasswd);
Пример #12
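/**
 * Handle a request that the detector flagged: optionally log it, optionally mail the
 * administrator and show a block page, then end the request.
 *
 * Settings are read from $dati, which is provided by the included dati.php.
 */
function found()
{
    include 'dati.php';
    $date = gmdate(DATE_RFC822, getRealHour());
    $ip = getRealIp();
    if ($dati['logging'] == 1) {
        // NOTE(review): log.txt is relative to the working directory and holds raw request
        // data; confirm it is not served by the web server.
        $file = fopen('log.txt', 'a+');
        // Write only when the file could be opened, instead of passing false to fwrite().
        if ($file) {
            fwrite($file, $_SERVER['PHP_SELF'] . " \n " . $_SERVER['REQUEST_URI'] . " \n" . $_SERVER['HTTP_USER_AGENT'] . " \n" . $date . " \n" . $ip . "\n\n\t  ________________________________________\n");
            fclose($file);
        }
    }
    if ($dati['alert'] == 1) {
        // Header fields are separated by real CRLF sequences; the same three fields as
        // before, without the literal backslash text that used to end up inside them.
        $mail_headers = "X-Mailer: unsyIDS\r\nContent-type: text; charset=iso-8859-1\r\nContent-Transfer-Encoding: 8bit";
        mail($dati['email_admin'], 'unsyIDS stopped an attack', 'I just stopped an attack on your site
If you have turned on the logging system you can read the list of attack stopped
Date of attack: ' . $date . '
Query string: ' . $_SERVER['QUERY_STRING'] . '
User Agent: ' . $_SERVER['HTTP_USER_AGENT'] . '
Ip: ' . $ip . ' 
Thanks for using this software,
Have a nice day', $mail_headers);
    }
    if ($dati['alert'] == 1) {
        ?>
		 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
		 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
		 <html xmlns="http://www.w3.org/1999/xhtml" lang="it"> 
		 <head> 
		 <title>Buhahahahahaha</title> 
		 <!-- meta tag --> 
		 <meta http-equiv="Content-type" content="text/html; charset=utf-8" /> 
		 <meta http-equiv="Content-Language" content="en" /> 
		 <meta name="Keywords" content="unsigned space" /> 
		 <meta name="Owner" content="Luca \'Unsigned\' <*****@*****.**>" /> 
		 <meta name="Author" content="Luca \'Unsigned\' <luca@unsigned.it)" /> 
		 <meta name="distribution" content="Global" />  
		 <meta name="generator" content="Vim" /> 
		 <meta name="cms" content="unsyIDS" /> 
		 <meta name="Copyright" content="unsigned.it" /> 
		 <style> 
			body{
				background-color: #000000;
				color:#00ff00;
				text-align:center;
			}
		</style> 
		</head> 
		<body> 
		<h1>Lolz you fail</h1> 
		<p>Attack found from <?php 
        // Encoded like the user agent below: the address may be derived from request
        // headers and must not reach the page as markup.
        echo htmlentities($ip);
        ?>
</p>
		<p>Your browser is: <?php 
        echo htmlentities($_SERVER['HTTP_USER_AGENT']);
        ?>
</p>
		<p>Powered by unsyIDS</p>
		</body> 
		</html>
		
		<?php 
    }
    die;
}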
Пример #13
/**
 * Set the review status of a merchant website and notify the merchant by e-mail.
 *
 * Requires the ACCESS_AUTH_RISK_REVIEW flag on the current user. A 'declined' status needs
 * a reason of at least three characters; for 'ignored' no e-mail is sent.
 *
 * @param mixed  $cs_ID       site id (cast to int)
 * @param string $cs_verified new status; 'declined' and 'ignored' are treated specially
 * @param string $cs_reason   reason text, stored and used as the e-mail message
 * @return array array('msg' => string, 'status' => bool)
 */
function en_confirm_website($cs_ID, $cs_verified, $cs_reason)
{
    global $curUserInfo;
    // Authorisation check comes first; nothing is read or written without the flag.
    if (!$curUserInfo['en_access'][ACCESS_AUTH_RISK_REVIEW]) {
        return array('msg' => 'Invalid Access', 'status' => false);
    }
    $return = array('msg' => 'Website Failed to Update', 'status' => false);
    if ($cs_verified == 'declined' && strlen($cs_reason) < 3) {
        return array('msg' => 'Website Failed to Update: Invalid Reason', 'status' => false);
    }
    $cs_ID = intval($cs_ID);
    // NOTE(review): $cs_verified is not checked against a list of allowed statuses, and
    // after quote_smart() the escaped value is also used for the comparisons, ucfirst()
    // and messages below — confirm quote_smart() leaves plain status words unchanged.
    $cs_verified = quote_smart($cs_verified);
    $cs_reason = quote_smart($cs_reason);
    $sql = "select * from `cs_company_sites` as cs where cs.cs_ID='{$cs_ID}' ";
    // NOTE(review): the SQL text is appended to the error passed to dieLog(); confirm it is
    // only logged.
    $result = sql_query_read($sql) or dieLog(mysql_error() . " {$sql}");
    $siteInfo = mysql_fetch_assoc($result);
    $entityInfo = en_get_general_info($siteInfo['cs_en_ID']);
    $letterTempate = 'merchant_website_approved';
    if ($cs_verified == 'declined') {
        $letterTempate = 'merchant_website_declined';
    }
    $cs_URL = $siteInfo['cs_URL'];
    $emailData["email"] = $entityInfo['en_email'];
    // Fall back to a default representative when the entity has none.
    if (!sizeof($entityInfo['Affiliates']['Representative'])) {
        $entityInfo['Affiliates']['Representative'][] = array('en_email' => '*****@*****.**', 'en_company' => 'Default Rep');
    }
    if ($entityInfo['Affiliates']) {
        foreach ($entityInfo['Affiliates'] as $type => $group) {
            if (in_array($type, array('Reseller', 'Representative'))) {
                // The loop body is empty: its only effect is that $data holds the last
                // element visited once the loops finish.
                foreach ($group as $id => $data) {
                }
            }
        }
    }
    // NOTE(review): only that last $data entry is appended as a recipient; looks like the
    // append was meant to run per affiliate — confirm.
    $emailData["email"] .= ', ' . $data['en_email'];
    $emailData["companyname"] = $entityInfo['en_company'];
    $emailData["Reference_ID"] = $entityInfo['en_ref'];
    $emailData["gateway_select"] = $entityInfo['en_gateway_ID'];
    // The escaped reason (not the original text) becomes the e-mail message.
    $emailData["Message"] = $cs_reason;
    $emailData["site_URL"] = $siteInfo['cs_URL'];
    $sql = "Update `cs_company_sites` as cs set `cs_verified` = '{$cs_verified}',`cs_reason` = '{$cs_reason}' where `cs_ID` = '{$cs_ID}'";
    $result = sql_query_write($sql) or dieLog(mysql_error());
    if (mysql_affected_rows()) {
        // NOTE(review): 'cs_name' is read from $entityInfo here while the site row is in
        // $siteInfo — confirm which one holds it.
        $return = array('msg' => "Site '" . $entityInfo['cs_name'] . "' Updated Successfully (" . ucfirst($cs_verified) . "). Email sent to '" . $emailData["email"] . "'", 'status' => true);
    }
    // The audit entry records the address from getRealIp() together with the session login.
    toLog('misc', 'merchant', "Merchant Site {$cs_URL} has been set " . ucfirst($cs_verified) . " by IP:" . getRealIp(), $_SESSION["sessionlogin"]);
    // The e-mail is sent even when no row was affected by the UPDATE.
    if ($cs_verified != 'ignored') {
        send_email_template($letterTempate, $emailData);
    }
    return $return;
}
Пример #14
        }
    }
}
// Select the gateway for this request, copy its settings into the session and switch the
// MySQL connection to the gateway's database.
if (!$gateway_db_select) {
    // Reached only for an empty or falsy selector, so the interpolated value adds nothing.
    die("Invalid Access {$gateway_db_select}");
}
$gwInfo = $etel_gw_list[$gateway_db_select];
if ($gwInfo) {
    // Every key of the gateway record is copied into the session.
    // NOTE(review): confirm the record holds nothing that should stay out of session storage.
    foreach ($gwInfo as $k => $d) {
        $_SESSION[$k] = $d;
    }
}
$_SESSION["gw_database"] = $gwInfo['gw_database'];
$curtemplate_overwrite = $gwInfo['gw_template'];
$gw_title_overwrite = $gwInfo['gw_title'];
$etel_current_ip = getRealIp();
// Disabled: debug mode used to be switched on by comparing the request address with a
// configured one. Keep it disabled — an address obtained from getRealIp() is not an
// authentication factor.
//if(ip2long($etel_current_ip)==$gwInfo['gw_debug_ip'] && !isset($etel_debug_mode)&& ip2long($etel_current_ip)!='1193664307') $etel_debug_mode = 1;
if ($gw_title_overwrite) {
    $_SESSION["gw_title"] = $gw_title_overwrite;
}
$database["database"] = $_SESSION["gw_database"];
// On failure the database name is printed into the response by die().
mysql_select_db($database["database"], $cnn_cs) or die("Unable to connect database: " . $database["database"]);
$redirect_home = false;
if ($_SESSION["userType"] == "Admin") {
    unset($_SESSION["gw_switch"]);
    $sql = "\r\n\t\tselect \r\n\t\t\t*\r\n\t\tfrom \r\n\t\t\tcs_entities as en \r\n\t\twhere \r\n\t\t\ten_username='******' \r\n\t\t\tand en_password='******' \r\n\t\t";
    $result = sql_query_read($sql) or dieLog(mysql_errno() . ": " . mysql_error() . "<BR>Cannot execute query {$sql}");
    if (mysql_num_rows($result) < 1) {
        $redirect_home = true;
    } else {
        $curUserInfo = mysql_fetch_assoc($result);
Пример #15
    $tran_login_type = "";
    if ($i_company_id != "") {
        $sql_trans_type = "Select transaction_type,bank_Creditcard  from cs_companydetails where userid={$i_company_id}";
        if ($show_trans_show = mysql_query($sql_trans_type)) {
            if ($show_val = mysql_fetch_array($show_trans_show)) {
                $tran_login_type = $show_val[0];
                $bank_Creditcard = $show_val[1];
            }
        }
    }
    if ($tran_login_type == "tele") {
        $i_to_day = date("d", mktime(0, 0, 0, $i_to_month, $i_to_day + 1, $i_to_year));
        $i_to_month = date("m", mktime(0, 0, 0, $i_to_month, $i_to_day + 1, $i_to_year));
        $i_to_year = date("Y", mktime(0, 0, 0, $i_to_month, $i_to_day + 1, $i_to_year));
    }
    $domain = getRealIp();
    ?>
<script language="javascript" src="../scripts/general.js"></script>
<script language="javascript" src="../scripts/creditcard.js"></script>
<script language="javascript" src="../scripts/formvalid.js"></script>
<script>
function func_gercurrency(check){
	if (check=='set'){
		var currency = document.creditcardFrm.cardtype.value;
		if(currency=='Master')
		{
		<?php 
    $str_currency = $mastercurrency;
    ?>
			//document.getElementById('txt_amount').firstChild.nodeValue='(<?php 
    echo $str_currency;
Пример #16
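/**
 * Report a possible hack through echLog() on the 'hack' channel.
 *
 * Whether that ends in an e-mail to the admin depends on echLog(), which is not
 * visible here.
 *
 * @param string $where - where the event happened
 */
function writeLog($where)
{
    // All three values can be influenced by the requester (the host name comes from a
    // reverse-DNS record), so control characters are collapsed to keep one event from
    // forging extra lines in the message.
    $ip = preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) getRealIp());
    $where = preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $where);
    // gethostbyaddr() warns and returns false on a malformed address, so only a
    // syntactically valid address is resolved.
    $resolved = filter_var($ip, FILTER_VALIDATE_IP) !== false ? gethostbyaddr($ip) : false;
    $host = $resolved === false ? 'unknown' : preg_replace('/[\x00-\x1F\x7F]+/', ' ', $resolved);
    // create a logging message with php heredoc syntax
    $logging = <<<LOGMSGG
\tThere was a hacking attempt,.
\tIP-Adress: {$ip}
\tHost of Attacker: {$host}
\tPoint of Attack: {$where}
LOGMSGG;
    // log the message
    echLog('hack', $logging);
}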
Пример #17
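    // Mark each submitted site id as ignored, storing the reviewer's reason with it.
    if (is_array($_POST['Ignore_Website'])) {
        foreach ($_POST['Ignore_Website'] as $cs_ID) {
            // Ids are forced to integers before they are used as keys or in SQL.
            $cs_ID = intval($cs_ID);
            // The reason is free text from the form: accept only a string and escape it
            // before it is embedded in the UPDATE below.
            $cs_reason_raw = isset($_POST['Reject_Reason_' . $cs_ID]) ? $_POST['Reject_Reason_' . $cs_ID] : '';
            $cs_reason = is_string($cs_reason_raw) ? mysql_real_escape_string($cs_reason_raw) : '';
            // NOTE(review): this query refers to an alias `cs` that it never declares;
            // confirm the intended table before relying on $companyInfo.
            $sql = "select * from `cs_email_lists` as ec left join `cs_companydetails` as cd on cd.userId=cs.cs_company_id where cs.cs_ID='{$cs_ID}'";
            $result = mysql_query($sql) or dieLog(mysql_error());
            $companyInfo = mysql_fetch_assoc($result);
            $cs_URL = $companyInfo['cs_URL'];
            $sql = "Update `cs_email_lists` set `ec_type` = 'ignored',`cs_reason` = '{$cs_reason}' where `cs_ID` = '{$cs_ID}'";
            $result = mysql_query($sql) or dieLog(mysql_error());
            // NOTE(review): array_pop() drops the newest entry; array_shift() would drop the
            // oldest, which looks like the intent for a "recent" list — confirm.
            if (sizeof($recentIDs) > 9) {
                array_pop($recentIDs);
            }
            $recentIDs[] = $cs_ID;
            // The URL comes from stored data and is placed into markup, so it is encoded for
            // HTML; the log entry below keeps the original text.
            $cs_URL_html = htmlspecialchars((string) $cs_URL, ENT_QUOTES);
            $msg .= "<span class='approved'>{$cs_URL_html} has been Ignored.</span><BR>\n";
            toLog('misc', 'merchant', "Merchant Site {$cs_URL} has been Ignored by IP:" . getRealIp(), $_SESSION["sessionlogin"]);
        }
    }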
}
// Remember the recently handled ids in the session and prepare the list queries.
$_SESSION['recentEmailIds'] = $recentIDs;
$recentIDsql = "";
if (is_array($recentIDs)) {
    // Each id is interpolated into a SQL fragment.
    // NOTE(review): confirm every path that fills $recentIDs stores integers only.
    foreach ($recentIDs as $id) {
        $recentIDsql .= " or (`el_ID` = '{$id}') ";
    }
}
// Total number of rows in the e-mail list.
$sql = "SELECT count(ec_email) as cnt\nFROM `cs_email_lists` as ec \nWHERE 1";
$result = mysql_query($sql) or dieLog(mysql_error());
$numEmails = mysql_fetch_assoc($result);
$numEmails = $numEmails['cnt'];
// Listing query joining merchants, resellers and customers by entry type; it contains no
// interpolated values.
$sql = "SELECT ec.*,companyname,reseller_companyname,reference_number,cd.userId,rd.reseller_id,td.transactionId\nFROM `cs_email_lists` as ec \nleft join `cs_companydetails` as cd on cd.userId=ec_item_ID AND ec_type='merchant'\nleft join `cs_resellerdetails` as rd on rd.reseller_id=ec_item_ID AND ec_type='reseller'\nleft join `cs_transactiondetails` as td on td.transactionId=ec_item_ID AND ec_type='customer'\nWHERE 1\ngroup by ec_ID\norder by\nec_type DESC,\nec_action DESC\n";
Пример #18
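// Collect the virtual-terminal form fields. Each one is passed through quote_smart() when
// present and defaults to an empty string otherwise.
// NOTE(review): several of these are sensitive (security number, licence number, secure
// pin); confirm they are neither logged nor stored longer than the transaction needs.
$socialno = isset($HTTP_POST_VARS['securityno']) ? quote_smart($HTTP_POST_VARS['securityno']) : "";
$licensestate = isset($HTTP_POST_VARS['licensestate']) ? quote_smart($HTTP_POST_VARS['licensestate']) : "";
$licenceno = isset($HTTP_POST_VARS['driverlicense']) ? quote_smart($HTTP_POST_VARS['driverlicense']) : "";
$misc = isset($HTTP_POST_VARS['misc']) ? quote_smart($HTTP_POST_VARS['misc']) : "";
$domain1 = isset($HTTP_POST_VARS['domain1']) ? quote_smart($HTTP_POST_VARS['domain1']) : "";
$str_3DS = isset($HTTP_POST_VARS['securepin']) ? quote_smart($HTTP_POST_VARS['securepin']) : "";
$mt_prod_desc = isset($HTTP_POST_VARS['productdescription']) ? quote_smart($HTTP_POST_VARS['productdescription']) : "";
$socialno = isset($HTTP_POST_VARS['securityno']) ? quote_smart($HTTP_POST_VARS['securityno']) : "";
$site_id = isset($HTTP_POST_VARS['selectSite']) ? quote_smart($HTTP_POST_VARS['selectSite']) : "";
$testmode = isset($HTTP_POST_VARS['testmode']) ? quote_smart($HTTP_POST_VARS['testmode']) : "";
if ($testmode) {
    $testmode = "Test";
} else {
    $testmode = "Live";
}
$ipaddress = getRealIp();
if (!$ipaddress) {
    $ipaddress = "64.91.254.105";
}
// NOTE(review): the resolved client address is discarded here: this assignment replaces it
// unconditionally with a fixed literal, so whatever is recorded or sent on from
// $ipaddress no longer identifies the requester. It looks like a debugging leftover —
// confirm before removing, in case downstream code depends on the fixed value.
$ipaddress = "64.91.254.105";
$dateOfBirth = "";
$validupto = "{$yyyy}/{$mm}";
$i_return_url = 'virtualterminal.php';
if ($companyInfo['block_virtualterminal'] != 0) {
    // Assign the message; an arithmetic "+" on the text sets nothing and fails on
    // non-numeric strings. presumably "=" rather than ".=" was meant — confirm.
    $msgdisplay = "Hack Attempt Recorded. You may not process virtualterminal transactions.";
    message($msgdisplay, $msgdisplay, $msgdisplay);
    toLog('hackattempt', 'customer', "Customer Attempted to process a virtual terminal transaction in " . basename(__FILE__) . " on Line " . __LINE__ . " {$msgdisplay}", $companyid);
    exit;
}
// NOTE(review): $companyid is interpolated into SQL and is not assigned in this excerpt;
// confirm it is numeric or escaped. The selected columns include bank credentials.
$qrt_select_company = "Select companyname,transaction_type,cc_billingdescriptor,email,send_mail,send_ecommercemail,bank_Creditcard,bank_shopId,bank_Username,bank_Password,sdateofbirth from cs_companydetails where userid='{$companyid}'";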
if (!($show_sql_run = mysql_query($qrt_select_company))) {
Пример #19
     $return_data['comments'] = $get_comments;
     echo json_encode($return_data);
 }
 //get_comments_information ajax ends
 //post_comment ajax starts
 if ($action == 'post_comment') {
     // Store a comment for the logged-in user and answer with a plain status word.
     // NOTE(review): no anti-CSRF check is visible in this branch, and the comment text is
     // stored as received — confirm it is HTML-encoded wherever it is displayed.
     $return_data = array();
     if ($user_id == 0) {
         // not logged in
         $return_data['status'] = "no login";
     } elseif (!$comment) {
         // logged in, but no message was received
         $return_data['status'] = "no message";
     } else {
         // logged in with a message: store it together with the requester's address
         $ins = $database->insert("comments", array("comment" => $comment, "user_id" => $user_id, "module_type" => $module_type, "module_id" => $module_id, "ip" => getRealIp()));
         $return_data['status'] = $ins ? "success" : "unable to post comment";
     }
     echo $return_data['status'];
 }